Professional Documents
Culture Documents
risks
Cristina Serban – Manager
Advisory Services
impact
HOW IS THE
and
RISK MEASURED?
likelihood.
Relationship
Sourcing Administration
management
Contract risks represent a major risk management and internal audit “blind spot” for many
companies. More efficient and effective contract processes and controls also represent an
important way for companies to “make their business better.”
of regular assessment
OR and monitoring
of contractual
Are you managing arrangements?
contract risk based on
TRUST?
ü Direct and tangible cost savings/revenue ü Opportunity to assess their own processes
recovery and controls
ü Assurance regarding the adequacy and ü Understand the nature and risks within the
effectiveness of partners controls contract
Information Timeframe and scope considerations will Increasing stakeholder value drives
Driver drive project reporting enterprise reporting
Risk Project risk categories usually mirror team Enterprise risk categories mirror
Categories structure, mapping to functional delivery organisational structure and focus on
area and therefore project deliverables: business activities:
Change Management, Integration, Program Financial reporting, supply chain
Management, Infrastructure, Testing management, business planning process
Purpose Considerations
ü The key items needed for regular monitoring of risks are included in the
example chart headings below. There is no need in regular team meetings to
evaluate risks unless new risks are raised. There should be specific sessions
scheduled for this purpose.
ü Teams should use these reports as a tool for their project planning and tracking
process by incorporating mitigation plans into their project plans.
Purpose Considerations
9
4 2
Risk Map to be used as a starting point for
3
12
4
4
3 8 5
6
11
3
16
15
2 17 1
14 7
10
18
2
y
li v e r
1
u tio n
t De
1
1 1 2 2 3 3 4 4 5 5 6
Cross-reference to deliverables to focus on
E xec
M gm
Consequence
Test
BPP
P ro j
Human Resources pulled back into the business at short notice X X X multiple deliverables.
Lack of business buy-in X
Resources required for testing are not available X
Purpose Considerations
Words - summary to support the visual (not the risk register) – sample structure:
Risk Area/ Category Brief Description Owner Mitigation Plan STC Action/Decision
Program Management –
Resourcing
Change Management
► Project risk information fails to include risks that will impact on the business.
This often contributes to a disconnect between the project and the business
and can result in surprises late in implementation.
► Isolatedrisk reporting can result in a lack of connection between the risk and its
impact on deliverables, timing, budget, and resources.
► Having no criteria in place to determine which risks get raised to which level
often results in an extensive lists of un-prioritised risks, many inappropriate to
discuss in the forum presented (i.e. program management meeting or steering
committee meeting).
► Using number of risks raised and closed is a misleading measure as its difficult
to understand the weighting of the risks and enforces a culture of risk resolution
rather than risk mitigation.
► Risks should never be reported as “closed” unless the probability can be rated
as zero (i.e. the contributing factors no longer exist). This is linked to a lack of
differentiation between a “risk” and an “issue”.